Let's Encrypt: Messages about expired certificates discontinued

Let's Encrypt had already announced the end of certificate expiry notifications earlier in the year. Now the function is passé.


At the beginning of the year, Let's Encrypt announced that it would no longer send notification emails when old certificates expire. Now the project reminds us that it has discontinued this function as of June 4.

Members of the Let's Encrypt project write this in a news article, where they once again explain why they no longer offer the service. Over the past ten years, an increasing number of users have set up reliable automation for certificate renewal. Providing expiration notifications also meant that Let's Encrypt had to retain millions of email addresses associated with the issuance data; since the organization takes privacy seriously, it considered it important to eliminate this requirement.

In addition, delivering certificate expiry emails costs thousands of US dollars every year, money that Let's Encrypt would rather spend on other aspects of its infrastructure. Let's Encrypt's final argument is that mail delivery adds complexity to the IT infrastructure, which takes time and attention to manage and increases the likelihood of errors. In the long term, the organization must contain the overall complexity. Especially when new service components are added, old system components that can no longer be justified must therefore go.

Let's Encrypt also points out again that there are third-party services that the organization recommends. For example, Red Sift Certificates Lite, formerly known as Hardenize, provides a monitoring service that includes free expiry emails for up to 250 certificates.

Let's Encrypt has now deleted the email addresses that were linked to the issuance data in the CA (Certificate Authority) database. Email addresses used to subscribe to mailing lists and other systems are excluded. In the future, Let's Encrypt will no longer store email addresses that arrive via the ACME API; instead, they will be added to the Internet Security Research Group (ISRG) mailing list without being linked to any account data. If the email address is not yet known, the service sends an onboarding email. ISRG is the non-profit parent organization of Let's Encrypt.


The project had already announced in February of this year that it would no longer provide the function as of June 4. Users of the service were informed of this by email, among other channels.

(dmk)


This article was originally published in German. It was translated with technical assistance and editorially reviewed before publication.